Security & Trust

Secac

SecAC Security Analysis of Complex Access Control Policies

Overview

SecAC (Security Analysis of Complex Access Control Policies) is supported by the RESTATE Programme, co-funded by the European Union under the FP7 COFUND Marie-Curie Action.

The general aim of the project is to tackle security verification and enforcement in distributed multi-components systems. We want to formally specify such systems by means of a high-level symbolic language that will allow for the (automated) analysis and enforcement of interesting security properties.

Details

  • Period: from 01/10/2012 until 30/09/2014.
  • Duration: 24 months.
  • Funding: RESTATE Programme, co-funded by the European Union under the FP7 COFUND Marie-Curie Action.

Goals

The goal of the project is to provide a uniform declarative framework to define, compose and verify, at design-time as well as at run-time, multi-policy distributed environments. We aim at developing a declarative rule-based specification language with clean and unambiguous semantics, and offering the possibility to perform automatic analysis of access control policies. Design-time analysis will be based on symbolic analysis techniques where violation of authorisation constraints are reduced to symbolic model-checking problems. Run-time verification techniques will be based on aspect-oriented programming for integrating our high-level policy specifications into target programs and ensure safe execution monitoring. This approach guarantees modularity, since security policies are specified and checked independently, and can later be weaved into different applications.

Involved People

Clara Bertolissi

Clara Bertolissi

Silvio Ranise

Silvio Ranise